Paloalto Prisma Access vulnerabilities
104 known vulnerabilities affecting paloalto/prisma_access.
Total CVEs: 104
CISA KEV: 9 (actively exploited)
Public exploits: 12
Exploited in wild: 8
Severity breakdown
CRITICAL: 12, HIGH: 39, MEDIUM: 48, LOW: 5
Vulnerabilities
Page 4 of 6
CVE-2022-0022 | MEDIUM | CVSS 4.4 | 2022-03-09
CVE-2022-0022 [MEDIUM] CWE-916 PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode.
An attacker mu
CVE-2022-0011 | MEDIUM | CVSS 6.5 | 2022-02-09
CVE-2022-0011 [MEDIUM] CWE-436 PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering
PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL F
CVE-2021-44228 | CRITICAL | CVSS 10.0 | KEV | PoC | 2021-12-10
CVE-2021-44228 [CRITICAL] CWE-94 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832
Apache Log4j Java library is vulnerable to a remote code execution vulnerability CVE-2021-44228, known as Log4Shell, and related vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Log4Shell allows remote unauthenticated attackers with the ability to i
CVE-2021-3064 | CRITICAL | CVSS 9.8 | 2021-11-10
CVE-2021-3064 [CRITICAL] CWE-121 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to
CVE-2021-3059 | HIGH | CVSS 8.1 | 2021-11-10
CVE-2021-3059 [HIGH] CWE-78 PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates
An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges.
Affected products: PAN-OS, Prisma Access
Solution: This issue is fixed in
CVE-2021-3056 | HIGH | CVSS 8.8 | 2021-11-10
CVE-2021-3056 [HIGH] CWE-120 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication.
This issue impacts:
PAN-OS 8.1 versions earlier than PAN-OS 8.1.2
CVE-2021-3063 | HIGH | CVSS 7.5 | 2021-11-10
CVE-2021-3063 [HIGH] CWE-755 PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces
An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to st
CVE-2021-3061 | HIGH | CVSS 7.2 | 2021-11-10
CVE-2021-3061 [HIGH] CWE-78 PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges.
Affected products: PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 8.1.20-h1,
CVE-2021-3062 | HIGH | CVSS 8.8 | 2021-11-10
CVE-2021-3062 [HIGH] CWE-284 PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS.
Exploitation
CVE-2021-3060 | HIGH | CVSS 8.1 | 2021-11-10
CVE-2021-3060 [HIGH] CWE-78 PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to
CVE-2021-3058 | HIGH | CVSS 7.2 | 2021-11-10
CVE-2021-3058 [HIGH] CWE-78 PAN-OS: OS Command Injection Vulnerability in Web Interface XML API
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges.
Affected products: PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 8.1.20-h1, PAN-OS 9.0.14-h3
CVE-2020-1968 | LOW | CVSS 3.7 | 2021-10-13
CVE-2020-1968 [LOW] CWE-203 PAN-OS: Impact of the Raccoon Attack Vulnerability CVE-2020-1968
In versions of Palo Alto Networks PAN-OS software earlier than PAN-OS 10.0, the DHE cipher available for use in traffic decryption improperly shares a cryptographic secret across multiple TLS connections, which weakens its cryptographic strength. This is a prerequisite for successful exploitation of the Raccoon attack (CVE-2020-1968), whic
CVE-2024-0012 | CRITICAL | CVSS 9.3 | KEV | PoC
CVE-2024-0012 [CRITICAL] CWE-306 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escala
CVE-2025-0128 | HIGH | CVSS 8.7
CVE-2025-0128 [HIGH] CWE-754 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter
CVE-2025-4230 | HIGH | CVSS 8.4
CVE-2025-4230 [HIGH] CWE-78 PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.
The security risk posed by this issue is significantly minimiz
CVE-2025-0114 | HIGH | CVSS 8.2
CVE-2025-0114 [HIGH] CWE-400 PAN-OS: Denial of Service (DoS) in GlobalProtect
A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.
This issue does not apply to Cloud N
CVE-2025-0127 | HIGH | CVSS 7.1
CVE-2025-0127 [HIGH] CWE-78 PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.
Cloud NGFW
CVE-2024-9472 | HIGH | CVSS 8.7
CVE-2024-9472 [HIGH] CWE-476 PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic
A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (
CVE-2025-0126 | HIGH | CVSS 8.3
CVE-2025-0126 [HIGH] CWE-384 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.
The SAML login for the PAN-OS® manageme
CVE-2025-4231 | HIGH | CVSS 8.6
CVE-2025-4231 [HIGH] CWE-77 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.
The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.
Cloud NGFW and P